greensql alternative for sql server

I need a tool for sql server that has similar functions to greensql (SQL inj protection). G开发者_Go百科reensql website

Most client platforms that talk to sql server have support for query parameters. So you'll send a command to the server with a placeholder (variable name) for a value that looks like this:

SELECT columns FROM [table] WHERE ID= @SomeParameter

The client code will send along the value for @SomeParameter boxed up separately from the actually sql code, and it's set up similar to a variable in tsql so it is never substituted into the query string directly. Data is data, code is code, and never the two shall mix.

You could put anything you want in there, and no matter what you try it's never to to be executed as code. It just won't happen. This is better than a sanitization audit, because you never have to worry about bugs in the parser, what happens when the next version of Sql Server adds a new feature that breaks the old parser, or if your sanitzer is mangling queries.

So if you build your apps correctly, there's not a real need for such a product in sql server. Now, it's possible that this kind of product might enforce the use of good procedures by your developers (or just act as a background layer in case they do it wrong), but it seems to me that it would be better to spend your energy on getting it right in the first place.

The auditing features, on the other hand, look more interesting to me. A CTO could put this product between the DB Servers and the DBA's. The DBA's would still have full access to the server, but the CTO would have a way to audit them where they can't cover their tracks.

And using 'audit' in conjunction with sql server rather than 'injection' as the search vector in google now turns up a few products, including this one:
http://www.enforcive.com/